<?
function tryLogin($userID,$password,$userType='staff') {
	global $userLevelArray,$dbname, $db, $db_selected, $session;
	
	$error = 0;
	if (empty($userID) || empty($password)) {
		$error = 1;
		$message = 'You must enter a User Name and Password.';
	} else {	
		if ($userType == 'staff') {
			$levelSecurity = ' LevelSecurity > 0 ';		
		} else {
			$levelSecurity = ' LevelSecurity = 0 ';
		}
		
		$userID   = mysql_real_escape_string($userID);
		$password = mysql_real_escape_string($password);
		
		// Try against database
		$sql = "SELECT * from cdc_Users 
				WHERE 
				UserName = '$userID' AND 
				Password = '$password' AND
				$levelSecurity AND
				Active = 1";
		$result = mysql_db_query($dbname,$sql);
		if (mysql_num_rows($result)>0) {
			$row = mysql_fetch_assoc($result);
			$staffID  = $row[StaffID];
			$fullName = $row[StaffFName].' '.$row[StaffLName];
			$org      = $row[Organization];
			$level    = $row[LevelSecurity];
			
			/*
			 * Set all session variables
			 */
			$session->logged      = 1;

			$_SESSION['logged']   = 1;
			$_SESSION['userid']   = $staffID;
			$_SESSION['userName'] = $userID;
			$_SESSION['fullName'] = $fullName;
			$_SESSION['org']      = $org;
			$_SESSION['level']    = $level;
			$_SESSION['timeIn']   = time();
			$_SESSION['contactLogStart'] = 0; 
			$_SESSION['libraryLogStart'] = 0; 
			
			/*
			 * Increment NoOfLogins +1
			 */
			$sql = "UPDATE cdc_Users
					SET NoOfLogins = NoOfLogins+1
					WHERE 
					UserName = '$userID' AND 
					Password = '$password'";
			$result = mysql_db_query($dbname,$sql);
		} else {
			$error = 1;
			$message = 'Your login was unsuccessful. Please try again.';
		}
	}	
	$loginString = $error.'|'.$message;
	return $loginString;
}

function findPassword($email) {
	global $dbname, $db, $db_selected;
	$email = mysql_real_escape_string($email);
	$sql = "SELECT * from cdc_Users WHERE StaffEmail = '$email'";
	$result = mysql_db_query($dbname,$sql);
	
	if (mysql_num_rows($result)<1) {
		/*
		 * Return error
		 */
		$response = 'error';
		
	} else {
		$row = mysql_fetch_assoc($result);
		
		$staffName = $row['StaffFName'].' '.$row['StaffLName'];
		$username  = $row['UserName'];
		$password  = $row['Password'];
		
		/*
		 * Send login information
		 */
		$message  = 'Hello '.$staffName.','.Chr(10).'Your CDC administrator login information is...'.Chr(10).Chr(10);
		$message .= '  User Name: '.$username.Chr(10);
		$message .= '  Password:  '.$password.Chr(10).Chr(10);
		$message .= 'If you have any further questions, please contact '.WEBMASTER_MAIL.'.';
		
		$subject = 'Your CDC login information';
				
		$mail = new Zend_Mail();
		$mail->setBodyText($message);
		$mail->setFrom(MASTER_MAIL, MASTER_MAIL_FROM);
		$mail->addTo($email, $staffName);
		$mail->setSubject($subject);
		if (!($mail->send())) {
			echo 'No mail got sent.';
		}		
		
		$response = 'success';		
	}
	
	return $response;
}
?>